Very long filenames?

Anthony Peacock a.peacock at chime.ucl.ac.uk
Fri Jun 29 16:27:53 IST 2007


Ken Goods wrote:
> I received this notification this morning. 
> 
> Subject: Re: 
> MessageID: l5TDre77020228
> Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228
> Report: MailScanner: Very long filenames are good signs of attacks against
> Microsoft e-mail packages (TCA2AR759CAY3E.jpg)
> 
> I was just wondering how long is a *long* filename? This doesn't appear to
> be excessive as we commonly get Word documents that are much longer. I
> looked around but couldn't find the upper limit that triggers this rule.

In my config (filename.rules.conf) this is set as anything over 150 
characters.

MailScanner does some sanity editing of the filename before inserting it 
into the report, so the filename reported may not be exactly the same as 
the original filename.

-- 
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
"A CAT scan should take less time than a PET scan.  For a CAT scan,
  they're only looking for one thing, whereas a PET scan could result in
  a lot of things."    - Carl Princi, 2002/07/19


More information about the MailScanner mailing list